This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Patch Instructions:
#1077358 #1099510 #1101288 #925502 #995352
Cross- CVE-2015-2775 CVE-2016-6893 CVE-2018-0618
CVE-2018-13796 CVE-2018-5950
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Enterprise Storage 4
https://www.suse.com/security/cve/CVE-2015-2775.html
https://www.suse.com/security/cve/CVE-2016-6893.html
https://www.suse.com/security/cve/CVE-2018-0618.html
https://www.suse.com/security/cve/CVE-2018-13796.html
Get the latest Linux and open source security news straight to your inbox.